The ransomware group REvil, which has taken responsibility for the attack on the IT company Kaseya and its customers, has offered a universal decryption key at a record price of $70 million.<\/p>\n\n\n\n
Kaseya, a well-known business IT company, is the latest victim of REvil’s data encryption attack.<\/p>\n\n\n\n
The attack on Kaseya appears to be financially motivated, but its impact is similar to the Kremlin-backed attack on SolarWind’s Orion network management software.<\/p>\n\n\n\n
The attack exploited a zero-day or previously unknown vulnerability in the Kaseya VSA.<\/p>\n\n\n\n
U.S. President Joe Biden said the U.S. believed the Kremlin had nothing to do with the attack.<\/p>\n\n\n\n
On Sunday, Anne Neuberger, deputy national security adviser for cyber and new technologies, instructed victims to report incidents to the FBI’s IC3 (Internet Crime Complaint Center).<\/p>\n\n\n\n
VSA customers are advised to download the VSA detection tool, which helps security teams find REvil components on their networks.<\/p>\n\n\n\n
It is also recommended that VSA customers require multifactor authentication for each account, not just administrator accounts with high privileges.<\/p>\n\n\n\n
VSA customers were also urged to implement an authorization list to restrict communication with remote monitoring and management (RMM) capabilities to known IP address pairs and\/or to place RMM administrative interfaces behind a virtual private network (VPN) or firewall on a dedicated administrative network.<\/p>\n\n\n